ZeroPath at Black Hat USA 2026

ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.
F5 VELOS F5OS-C Partition Control Plane: CVE-2025-59778 Resource Allocation Vulnerability – Brief Summary
CVE Analysis

2025-10-15

8 min read

F5 VELOS F5OS-C Partition Control Plane: CVE-2025-59778 Resource Allocation Vulnerability – Brief Summary

This post provides a brief summary of CVE-2025-59778, a resource allocation vulnerability affecting F5 VELOS F5OS-C partition control planes with the Allowed IP Addresses feature enabled. It covers affected versions, technical details, and vendor security context based on available advisories and technical documentation.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

F5 BIG-IP CVE-2025-61951: Brief Summary of DTLS 1.2 TMM Out-of-Bounds Read Denial of Service
CVE Analysis

2025-10-15

8 min read

F5 BIG-IP CVE-2025-61951: Brief Summary of DTLS 1.2 TMM Out-of-Bounds Read Denial of Service

This post provides a brief summary of CVE-2025-61951, a high-severity out-of-bounds read vulnerability in F5 BIG-IP's Traffic Management Microkernel (TMM) when configured for DTLS 1.2 with specific Server SSL profile settings. The summary covers technical details, affected versions, and vendor security history, with references for further reading.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

F5OS-A and F5OS-C Privilege Escalation (CVE-2025-61955): Brief Summary and Technical Review
CVE Analysis

2025-10-15

8 min read

F5OS-A and F5OS-C Privilege Escalation (CVE-2025-61955): Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-61955, a high-severity privilege escalation vulnerability in F5OS-A and F5OS-C. We cover the technical mechanism, affected versions, and vendor security history based on available public information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

F5 BIG-IP CVE-2025-61958: Brief Summary of tmsh iHealth Appliance Mode Bypass
CVE Analysis

2025-10-15

8 min read

F5 BIG-IP CVE-2025-61958: Brief Summary of tmsh iHealth Appliance Mode Bypass

A brief summary of CVE-2025-61958, a privilege escalation vulnerability in F5 BIG-IP's tmsh iHealth utility. This post covers technical details, affected versions, and vendor history, focusing on the risk to Appliance mode deployments. No PoC, patch, or detection information is included.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

F5 BIG-IP APM CVE-2025-61960: Brief Summary of a Remote Denial of Service Vulnerability
CVE Analysis

2025-10-15

9 min read

F5 BIG-IP APM CVE-2025-61960: Brief Summary of a Remote Denial of Service Vulnerability

A brief summary of CVE-2025-61960, a remote denial of service vulnerability impacting F5 BIG-IP Access Policy Manager portal access. This post covers affected versions, technical root cause, and vendor security context based on available public information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Orion SMS OTP Verification CVE-2025-9967: Privilege Escalation via Account Takeover – Brief Summary
CVE Analysis

2025-10-15

7 min read

Orion SMS OTP Verification CVE-2025-9967: Privilege Escalation via Account Takeover – Brief Summary

Brief summary of CVE-2025-9967 affecting all versions up to 1.1.7 of the Orion SMS OTP Verification plugin for WordPress. This post covers technical details of the authentication bypass and privilege escalation flaw, affected versions, and vendor security history.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Look: Heap-Based Buffer Overflow in Fortinet fgfmsd (CVE-2024-50571)
CVE Analysis

2025-10-14

8 min read

Brief Look: Heap-Based Buffer Overflow in Fortinet fgfmsd (CVE-2024-50571)

This post provides a brief summary of CVE-2024-50571, a heap-based buffer overflow in Fortinet's fgfmsd daemon affecting FortiAnalyzer, FortiManager, FortiOS, and FortiProxy. It covers affected versions, technical details, and vendor security history based on available public sources.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Ivanti EPMM CVE-2025-10242 OS Command Injection: Brief Summary and Technical Review
CVE Analysis

2025-10-14

7 min read

Ivanti EPMM CVE-2025-10242 OS Command Injection: Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-10242, an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) admin panel affecting versions before 12.6.0.2, 12.5.0.4, and 12.4.0.4. The vulnerability allows remote authenticated attackers with admin privileges to achieve remote code execution. Patch information and affected version details are included.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Ivanti EPMM CVE-2025-10243: Brief Summary of OS Command Injection in Admin Panel
CVE Analysis

2025-10-14

7 min read

Ivanti EPMM CVE-2025-10243: Brief Summary of OS Command Injection in Admin Panel

This post provides a brief summary of CVE-2025-10243, an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) admin panel affecting versions before 12.6.0.2, 12.5.0.4, and 12.4.0.4. The vulnerability allows remote code execution by authenticated admin users. Includes technical details, affected versions, and vendor security history.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Ivanti EPMM CVE-2025-10985 OS Command Injection: Brief Summary and Technical Review
CVE Analysis

2025-10-14

8 min read

Ivanti EPMM CVE-2025-10985 OS Command Injection: Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-10985, an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) prior to versions 12.6.0.2, 12.5.0.4, and 12.4.0.4. The vulnerability allows authenticated admin users to execute arbitrary OS commands, potentially leading to remote code execution. Includes affected version details, technical mechanism, and vendor security history.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

FortiProxy and FortiOS ZTNA Certificate Validation Flaw: Brief Summary of CVE-2025-25253
CVE Analysis

2025-10-14

7 min read

FortiProxy and FortiOS ZTNA Certificate Validation Flaw: Brief Summary of CVE-2025-25253

This post provides a brief summary of CVE-2025-25253, an improper certificate validation vulnerability in FortiProxy and FortiOS ZTNA proxy. It covers affected versions, technical details, and vendor security context, with all references included for further review.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

SIMATIC CP 1542SP-1 and SIPLUS ET 200SP: Brief Summary of CVE-2025-40771 Authentication Bypass
CVE Analysis

2025-10-14

8 min read

SIMATIC CP 1542SP-1 and SIPLUS ET 200SP: Brief Summary of CVE-2025-40771 Authentication Bypass

This post provides a brief summary of CVE-2025-40771, a critical authentication bypass vulnerability affecting Siemens SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, and SIPLUS ET 200SP communication processors prior to firmware V2.4.24. The flaw allows unauthenticated remote access to configuration data. Patch and affected version details are included.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Fortinet FortiVoice CVE-2025-47856: Brief Summary of Command Injection Vulnerability and Impact
CVE Analysis

2025-10-14

8 min read

Fortinet FortiVoice CVE-2025-47856: Brief Summary of Command Injection Vulnerability and Impact

This post provides a brief summary of CVE-2025-47856, a command injection vulnerability affecting Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, and before 6.4.10. It covers technical details, affected versions, and vendor security history based on available public sources.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Fortinet FortiPAM and FortiSwitchManager CVE-2025-49201 Weak Authentication: Brief Summary
CVE Analysis

2025-10-14

7 min read

Fortinet FortiPAM and FortiSwitchManager CVE-2025-49201 Weak Authentication: Brief Summary

This post provides a brief summary of CVE-2025-49201, a weak authentication vulnerability in Fortinet FortiPAM (1.0.0 through 1.5.0) and FortiSwitchManager (7.2.0 through 7.2.4). The vulnerability allows remote attackers to execute unauthorized code or commands via specially crafted HTTP requests. Includes affected versions, technical details, and references to official advisories.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Adobe Connect CVE-2025-49553: Brief Summary of DOM-Based XSS in 12.9 and Earlier
CVE Analysis

2025-10-14

8 min read

Adobe Connect CVE-2025-49553: Brief Summary of DOM-Based XSS in 12.9 and Earlier

This post provides a brief summary of CVE-2025-49553, a DOM-based XSS vulnerability in Adobe Connect 12.9 and earlier. We cover affected versions, technical details, and vendor security history based on available public information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Adobe Commerce CVE-2025-54263: Brief Summary of Improper Access Control Vulnerability
CVE Analysis

2025-10-14

8 min read

Adobe Commerce CVE-2025-54263: Brief Summary of Improper Access Control Vulnerability

A brief summary of CVE-2025-54263, a critical improper access control vulnerability in Adobe Commerce and Magento Open Source. This post covers affected versions, technical details, and vendor security history based on available public sources.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Adobe Commerce CVE-2025-54264: Brief Summary of a Critical Stored XSS Vulnerability
CVE Analysis

2025-10-14

13 min read

Adobe Commerce CVE-2025-54264: Brief Summary of a Critical Stored XSS Vulnerability

This post provides a brief summary of CVE-2025-54264, a critical stored cross-site scripting vulnerability affecting Adobe Commerce and Magento Open Source. It covers technical details, affected versions, patch information, and vendor security history based on available sources.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Fortinet SSL VPN RDP Bookmark Heap Overflow (CVE-2025-57740): Brief Summary and Patch Guidance
CVE Analysis

2025-10-14

7 min read

Fortinet SSL VPN RDP Bookmark Heap Overflow (CVE-2025-57740): Brief Summary and Patch Guidance

This post provides a brief summary of CVE-2025-57740, a heap-based buffer overflow in Fortinet's SSL VPN RDP bookmark functionality. It covers affected versions, technical details, and patch guidance for FortiOS, FortiPAM, and FortiProxy. No proof of concept or detection methods are included.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

FortiOS CVE-2025-58325: Brief Summary of CLI Command Bypass Vulnerability
CVE Analysis

2025-10-14

8 min read

FortiOS CVE-2025-58325: Brief Summary of CLI Command Bypass Vulnerability

This post provides a brief summary of CVE-2025-58325, a high-severity CLI command bypass vulnerability in FortiOS. It covers affected versions, technical details of the vulnerability mechanism, and vendor security history, referencing official advisories and public research.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Argo Workflows CVE-2025-62156: Zip Slip Path Traversal Vulnerability – Brief Technical Summary
CVE Analysis

2025-10-14

8 min read

Argo Workflows CVE-2025-62156: Zip Slip Path Traversal Vulnerability – Brief Technical Summary

This post provides a brief summary of CVE-2025-62156, a Zip Slip path traversal vulnerability in Argo Workflows affecting artifact extraction in specific versions. Security professionals will find precise technical details, affected version ranges, and references to official advisories and fixes.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization
CVE Analysis | ZeroPath Security Blog - Vulnerability Research & Exploits | Page 39 | ZeroPath